"Interest in computer security is driven by events, and the number of events is increasing dramatically. - Ralph Merkle"
Welcome

Russ McRee's HolisticInfoSec.org is dedicated to sharing information security content and resources in an open, clear manner, with the hope of helping improve infosec for all who seek to do so. Information security is best broken down to the most simple components: best practices and common sense. The threat-scape facing an information security practitioner is perpetually dynamic; we must adapt and evolve as do those threats. Holisticinfosec.org endeavors to aid in that process through dynamic content and timely topics in ISSA Journal's toolsmith. As well we know, those who would do harm never rest: protect your own.

Practice simplicity
Seek to be proactive, rather than reactive
Think creatively, but adhere to standards
Employ best practices
 
toolsmith
July's toolsmith discusses NetWitness Investigator, "an interactive threat analysis application that lets you perform unprecedented free-form contextual analysis of raw network data."   
For August, we'll take a close look at Suricata , an open source multi-threaded intrusion detection/prevention engine from the Open Information Security Foundation.
toolsmith offers insights on tools useful to the infosec practitioner, typically open source and free.
The ISSA Journal is available to members in print and online at issa.org. Article copies are available on the toolsmith page.
 
Presented at 22nd Annual FIRST Conference

22nd Annual FIRST Conference

Russ presented Incident Response in Virtual Environments: Challenges in the Cloud, with Bryan Casper, at the 22nd Annual FIRST Conference in Miami, on Thursday, June 17, 2010, 1300-1400.

 

Abstract

Incident response in large production environments is challenging enough. Add layers of virtualization, a constantly dynamic state, as well as a broad external customer base and the challenges deepen exponentially.

This presentation aims to provide recommendations and guidance based on experience and information gathered while conducting incident response in such environments including large virtualized caching networks and cloud-based services. Logging, tooling, forensic methods, and egress-based network security monitoring are amongst the topics to be discussed. This presentation also intends to allow active discussion with participants to share their experiences.